He told 'The Hacker News' that the vulnerabilities can be exploited by any remote hacker through a very simple loophole in the firmware.

First, he found that the 'Firmware/Romfile Upgrade' section of the router's panel can be accessed without any login password, i.e. http://IP//rpFWUpload.html. This page allows a user to upgrade the router's firmware and also to download the Romfile backup file (rom-0), i.e. http://IP address/rom-0 (as shown).

This Romfile contains the administrative password of the router, which can be retrieved in plain text by reverse engineering the file using a free online service: http://50.57.229.26/zynos.php. One just needs to upload the Romfile to get plain-text output. The router's password will be displayed in the very first line of the output, as shown below:

He claimed that he has tested the IP address range that belongs to Algeria, i.e. 41.107.x.x, and found that thousands of devices in it are vulnerable to hackers.

A quick search on the SHODAN search engine using the keyword 'RomPager country:dz' shows more than 2,59,744 devices available on the Internet, and 95% of them are now at risk.

ABDELLI also submitted an automated exploit POC script on GitHub that can scan a complete subnet for vulnerable routers and display the respective passwords on the screen, as shown:

I have tested the flaw on 100s of routers and found it to be a very critical bug. Simply by changing the DNS servers on the victim's router, one can redirect the users' traffic to any malicious server. Such attacks allow hackers to inject a malicious DNS server to perform advanced phishing attacks against Facebook, Gmail and bank accounts, and the whole system can also be compromised.

There is no patch available from the vendor yet, so to protect yourself from this vulnerability you can forward port 80 to any other website or to an unused IP address on your network.
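Until a patch exists, successful unauthenticated requests for the two pages named above are worth alerting on. The following is an added example, not code from the researcher or from the original article; it assumes a proxy or network sensor in front of the router's web interface that writes Common Log Format lines, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Pages named in the article: the config backup and the upgrade page.
SENSITIVE = {"/rom-0", "/rpfwupload.html"}
# Assumption: the LAN uses RFC 1918 space; any other source counts as remote.
LAN = [ipaddress.ip_network(n)
       for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Common Log Format: src ident user [time] "METHOD path proto" status size
LINE = re.compile(r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                  r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def normalize(path):
    # Drop any query string and collapse "//rpFWUpload.html" style slashes.
    return re.sub(r"/{2,}", "/", path.split("?", 1)[0].lower())

def find_exposures(lines):
    """Map remote source IP -> sensitive pages it was served without a login."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the expected format
        path = normalize(m["path"])
        # "-" in the user field means no HTTP authentication was presented.
        if path not in SENSITIVE or m["status"] != "200" or m["user"] != "-":
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # logged as a hostname rather than an address; skipped
        if not any(src in net for net in LAN):
            hits[str(src)].append(path)
    return dict(hits)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2014:10:00:01 +0000] "GET /rom-0 HTTP/1.1" 200 16384',
    '203.0.113.7 - - [01/Jan/2014:10:00:02 +0000] "GET //rpFWUpload.html HTTP/1.1" 200 2210',
    '192.168.1.20 - - [01/Jan/2014:10:05:00 +0000] "GET /rom-0 HTTP/1.1" 200 16384',
    '198.51.100.9 - - [01/Jan/2014:10:06:00 +0000] "GET /rom-0 HTTP/1.1" 401 0',
    '198.51.100.9 - admin [01/Jan/2014:10:07:00 +0000] "GET /status.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for src, paths in find_exposures(SAMPLE).items():
        print(src, "was served without authentication:", ", ".join(paths))
```

Any hit means the configuration backup, and with it the administrative password, should be treated as disclosed: change the password and verify the router's DNS settings.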

The Algerian hacker linked with the SpyEye computer virus, designed to steal financial and personal information, was extradited by Thailand to the United States to face charges that he hijacked customer accounts at more than 200 banks and financial institutions and have been used to steal more than $100 million in the last five years.

SpyEye allowed cybercriminals to alter the display of Web pages in the victims' browsers as a way to trick them into turning over personal financial information. The virus only impacts PCs and not Macintosh operating systems.

A report issued last year by security firm McAfee said that about a dozen cybercrime groups have been using variants of Zeus and SpyEye, which automate the process of transferring money from bank accounts. The stolen funds are transferred to prepaid debit cards or into accounts controlled by money mules, allowing the mules to withdraw the money and wire it to the attackers.

Hamza Bendelladj, also known as Bx1, faces 23 charges in an indictment (PDF) returned in December 2011 and unsealed Friday. U.S. Attorney Sally Yates said the man was extradited to Atlanta from Thailand on Thursday and was arraigned in federal court Friday afternoon. Wearing a dress shirt and black athletic pants, he smiled frequently and chatted in the courtroom. He said he didn't need an interpreter because he spoke fluent English.

A second person is also charged in the indictment but has not been identified. Investigators could not disclose whether the person was in the U.S. or abroad. Officials also could not disclose what information led them to Bendelladj.

According to court documents, from 2009 to 2011, Bendelladj and others allegedly developed, marketed and sold various versions and components of the SpyEye Trojan. Bendelladj allegedly advertised the malware on cybercrime forums, and operated command and control servers, including one in Atlanta, Georgia.

If convicted, Bendelladj faces up to 30 years in prison for conspiracy to commit wire and bank fraud, and up to five years for conspiracy to commit computer fraud. The 21 counts of wire and computer fraud carry maximum sentences of between five and 20 years each. The man may also be fined up to $14 million.

Hackers have now also developed a mobile version of SpyEye called Spitmo, which targets victims' smartphones. Cyber criminals can steal personal information through victims' computers and forward themselves text messages from the victims' cell phones to fraudulently verify the person's identity and lock them out of bank accounts and other personal accounts.

Last week, the Happy Hacker was arrested in Thailand on charges of stealing millions from online bank accounts. According to new reports, the same hacker is alleged to be the ZeuS mastermind and used to have the profile of a miscreant nicknamed “bx1,” a hacker fingered by Microsoft before as a major operator of botnets powered by the ZeuS banking trojan.

He remained smiling throughout a press conference in which Thai police explained that Thailand will seek to extradite Mr Bendelladj to the US state of Georgia, where a court has issued a warrant for his arrest.

24-year-old Algerian hacker Hamza Bendelladj was arrested at a Bangkok airport en route from Malaysia to Egypt. The ZeuS botnet is one of the most notorious in existence, and it’s also one that has earned its masters some pretty massive payouts.

The email IDs daniel.h.b@universityofsutton.com and danieldelcore@hotmail.com, mentioned by Microsoft in a complaint submitted to the U.S. District Court for the Eastern District of Virginia, appear to be linked to the man.

Mr Bendelladj, who graduated in computer sciences in Algeria in 2008, has allegedly hacked private accounts in 217 banks and financial companies worldwide.

Thai police arrested an Algerian Hacker, wanted by the US Federal Bureau of Investigation for allegedly making millions from cybercrime. Hamza Bendelladj, 24, was arrested late Sunday while attempting to transit through Bangkok's Suvarnabhumi Airport from Malaysia.

Police confiscated from Bendelladj two laptops, one tablet computer, a satellite phone and a number of external hard drives; the satellite phone and notebook computer were his main tools, the commissioner said.

Bendelladj, who graduated in computer sciences in Algeria in 2008, has allegedly hacked private accounts in 217 banks and financial companies worldwide. "With just one transaction he could earn 10 to 20 million dollars," Lt Gen Phanu said. "He's been travelling the world flying first class and living a life of luxury."

Bendelladj will be extradited to the U.S. state of Georgia, where a district court has issued an arrest warrant. “I'm not in the top 10, maybe just 20th or 50th,” Bendelladj said with a laugh. “I am not a terrorist.”

An Algerian hacker today hijacked the DNS of Yahoo, Microsoft or Google and Paypal, redirecting users to a defacement page. Credit is being taken by a hacker going by the name MCA-CRB, a serial website defacer.

MCA-CRB is a prolific online graffiti artist who has defaced at least 5,000 sites, according to records kept by Zone-H. After the hijacking, both domains resolved to an IP address located in the Netherlands, at 95.128.3.172 (server1.joomlapartner.nl).

“When we heard about this incident, we were pretty skeptical about the attack. A site such as Google’s can be theoretically hacked, but it is very unlikely. Then we noticed that both domains were directed to an IP address in the Netherlands […], so it seemed more like a DNS poisoning attack,” said Stefan Tanase from Kaspersky Lab Romania.

"All we know is that Google's public DNS servers (8.8.8.8 and 8.8.4.4) were resolving requests for google.ro and other major .RO websites to the IP address hosting the defacement page," Tanase said.

Google Romania also explained it was a domain issue and the company is currently investigating the issue with the organization responsible for managing domain names in Romania, Romania Top Level Domain.

Algerian hackers going by the name ‘SanFour25’ yesterday defaced 7 Indian government websites, including the Indian Defence Research and Development Organisation (DRDO), West Bengal police and the Prime Minister’s Office (PMO) websites.

According to The Hindu, the most sensitive website that came under attack was the one operated by the Recruitment and Assessment Centre (RAC) of the DRDO (www.rac.gov.in/experts/Dz.php). The website, which deals with the recruitment of scientists to the several laboratories of the DRDO, was down for over 9 hours.

List of Hacked domains:

http://rciregistration.nic.in/rehabcouncil/Dz.txt

policewb.gov.in/wbp/counter.txt

www.rac.gov.in/experts/Dz.php

www.diu.gov.in/departments/Dz.php

gpra.nic.in/writereaddata/Dz.php

birapdbt.nic.in/video/Dz.php

iii.gov.in/tmp/Dz.php

Mirrors of the hacked sites are available on Zone-H in the SanFour25 archive. It is possible that the hackers attacked the website to get details of the scientists. Because the attacker was "Algerian", the issue is very sensitive for the CBI.